Kyung Hee University: Chapter 18, Domain Name System
Introduction
DNS maps a name to an address, or an address to a name.
When the Internet was small, the mapping information was stored in a host file on every host.
Today the host file would be far too large to store in every host.
One solution is to store the entire host file on a single computer.
Another solution is to divide the information into smaller parts and store each part on a different computer.
A host that needs a mapping then contacts the closest such computer. This is the method used by the Domain Name System.
16.1 Name Space
The names must be unique because the addresses are unique.
A name space that maps each address to a unique name can be organized in two ways:
Flat Name Space: a name is assigned to an address; the name is a sequence of characters without structure. Names may or may not have a common section.
Hierarchical Name Space: a name is made of several parts. The first part defines the nature of the organization, the second part the name of the organization, the third part a department within the organization, and so on.
16.2 Domain Name Space
The tree can have only 128 levels: level 0 (the root) to level 127.
Label
Each node in the tree has a label, which is a string with a maximum of 63 characters. The root label is the null (empty) string.
Domain name
A full domain name is a sequence of labels separated by dots (.), read from the node up to the root.
Fully Qualified Domain Name (FQDN)
A domain name that ends with the null root label, written as a trailing dot, for example:
challenger.atc.fhda.edu.
Domain Name Space (cont’d)
Partially Qualified Domain Name (PQDN)
A domain name that does not end with the null label (no trailing dot).
Used when the name to be resolved belongs to the same site as the client.
For example, if a user at the fhda.edu. site wants the IP address of the challenger computer, the resolver supplies the missing part, called the suffix, to obtain:
- challenger.atc.fhda.edu
The DNS client normally holds a list of suffixes and tries them in order until one produces an answer, so the order of the list decides which host a short name reaches. The following can be the list of suffixes at De Anza College:
atc.fhda.edu
fhda.edu
null
Domain Name Space (cont’d)
Domain
A domain is a subtree of the domain name space.
The name of the domain is the domain name of the node at the top of the subtree.
16.3 Distribution of Name Space
Hierarchy of Name Servers
The amount of information is far too large for a single server, so it is distributed among many DNS servers by dividing the whole space into many domains based on the first-level labels; each of those domains can be divided further in the same way.
Distribution of Name Space (cont’d)
Zone
A zone is what a server is responsible for, or has authority over.
If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the "domain" and the "zone" refer to the same thing.
The server keeps a database, the zone file, holding all the information for every node under that domain.
If a server divides its domain into subdomains and delegates part of its authority to other servers, "domain" and "zone" refer to different things: the zone is only the part of the domain the server has kept for itself.
Distribution of Name Space (cont’d): figure of domains and zones
Distribution of Name Space (cont’d)
Root Server
A server whose zone consists of the whole tree.
It usually stores no information about domains itself but delegates its authority to other servers, keeping references to those servers.
Currently there are 13 root server identities, each deployed as many replicated instances around the world, and each covering the whole domain name space.
Primary and Secondary Servers
Primary server: stores the zone file for the zone over which it has authority; it can create, maintain, and update the zone file.
Secondary server: transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk. Any update must be made at the primary server, which then propagates it.
A secondary server provides redundancy when the primary fails. A server may be primary for one zone and secondary for another.
Because a zone transfer hands out the entire zone file, the primary should accept transfer requests only from its known secondaries.
16.4 DNS in the Internet
In the Internet, the domain name space (tree) is divided into three different sections:
generic domains
country domains
inverse domain
DNS in the Internet (cont’d)
Generic Domains
Define registered hosts according to their generic behavior.
Each node in the tree defines a domain.
Generic domain labels
Label  Description
com    Commercial organizations
edu    Educational institutions
gov    Government institutions
int    International organizations
mil    Military groups
net    Network support centers
org    Nonprofit organizations
DNS in the Internet (cont’d)
Country Domains
Use two-character country abbreviations (the ISO 3166 country codes) as the first-level label instead of a generic label; the rest of the subtree is organized as each country sees fit.
DNS in the Internet (cont’d)
Inverse Domain
Used to map an address to a name.
When a server receives a request from a client to do a task, it may need to determine whether the client is on its authorized list. The server asks its resolver to send a query to the DNS server requesting an address-to-name mapping.
Because the domain labels are read from the bottom of the tree to the top, an IP address such as 132.34.45.121 is looked up under the name
121.45.34.132.in-addr.arpa.
Caveat: the PTR record for an address is published by whoever controls that address block, so a name obtained this way should be confirmed with a forward lookup before it is trusted for authorization.
16.5 Resolution
Name-address resolution: mapping a name to an address or an address to a name.
Resolver
A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver.
The resolver sends its mapping request to the closest DNS server.
Mapping Names to Addresses
1) The resolver gives a domain name to the server and asks for the corresponding address.
2) The server checks the generic domains or the country domains to find the mapping.
Resolution (cont’d)
Mapping Addresses to Names
Uses a PTR query; DNS uses the inverse domain.
1) If the resolver receives the IP address 132.34.45.121, it first reverses the order of the octets and then appends the two labels in-addr and arpa before sending the query.
2) The domain name sent is 121.45.34.132.in-addr.arpa, which is received by the local DNS server and resolved.
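The reverse-name construction described above, together with the authorization use case from the inverse-domain section, as an added example (not code from the slides or from the textbook they follow). It generalizes the slides' IPv4 case to IPv6 (nibble-reversed under ip6.arpa), and it shows the check a server should make before trusting a PTR name: the name's own forward (A) records must contain the address we started from. The PTR and A tables are constructed for the example; 192.0.2.x and 203.0.113.x are documentation addresses, and the "admin.fhda.edu." entry is a deliberately forged PTR.

```python
import ipaddress


def reverse_name(addr):
    """Owner name for a reverse lookup.
    IPv4: octets reversed under in-addr.arpa. (the slides' 132.34.45.121 case).
    IPv6: the 32 hex nibbles reversed under ip6.arpa. (added generalization)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")          # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed stand-ins for the PTR and A lookups a resolver would perform.
PTR_ZONE = {
    "121.45.34.132.in-addr.arpa.": "challenger.atc.fhda.edu.",   # honest PTR
    "10.2.0.192.in-addr.arpa.": "admin.fhda.edu.",               # forged PTR: 192.0.2.10 claims to be an admin host
}
A_ZONE = {
    "challenger.atc.fhda.edu.": ["132.34.45.121"],
    "admin.fhda.edu.": ["192.0.2.1"],                            # the real admin host is elsewhere
}


def lookup_ptr(addr):
    """Address -> name via the inverse domain (constructed data)."""
    return PTR_ZONE.get(reverse_name(addr))


def lookup_a(name):
    """Name -> list of IPv4 addresses (constructed data)."""
    return A_ZONE.get(name, [])


def verified_host_name(addr):
    """Forward-confirmed reverse DNS: return the PTR name only if that name's
    A records include the original address; otherwise None."""
    name = lookup_ptr(addr)
    if name is None:
        return None
    return name if addr in lookup_a(name) else None


def is_authorized(addr, allowed_names):
    """The slides' use case (server checking a client against an authorized list),
    done with the forward confirmation instead of the bare PTR answer."""
    return verified_host_name(addr) in allowed_names
```

With the bare PTR answer, 192.0.2.10 would pass a check against an allow-list containing admin.fhda.edu.; with the forward confirmation it does not, because admin.fhda.edu. does not point back at 192.0.2.10.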
Resolution (cont’d)
Recursive Resolution
The client asks for a recursive answer. If the server is the authority for the name, it answers directly; otherwise it sends the query on to another server (usually its parent, and eventually the authoritative server), waits for the answer, and returns it to the client. The client makes one request and receives one final answer.
Resolution (cont’d)
Iterative Resolution
If the server is the authority for the name, it sends the answer. If it is not, it returns to the client the IP address of the server that it thinks can resolve the query.
The client is responsible for repeating the query to this second server.
If the newly addressed server can resolve the name, it answers the query with the IP address; otherwise it returns the IP address of yet another server to the client, and the client continues until it gets an answer.
Resolution (cont’d)
Caching
Reduces the search time.
When a server asks another server for a mapping and receives the response, it stores the mapping in its cache before sending it to the client, so later queries for the same name are answered locally.
A time to live (TTL) on each cached record prevents an outdated mapping from being used: the record is discarded once its TTL expires.
Because a cached answer is handed to every later client, a server should cache only records that arrived in the response to a query it actually sent (matched through the identification field), and must stop using them once the TTL expires.
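The iterative resolution and caching described above, and the suffix-list expansion of a PQDN from the Domain Name Space section, as one added example (not code from the slides or from the textbook they follow). The server database is constructed for the example: 192.0.2.0/24 is a documentation range, and the three servers stand in for a root server, an edu. server and an fhda.edu. server that answers for challenger.atc.fhda.edu.; the address 192.0.2.50 and the 3600-second TTL are likewise invented.

```python
import time

# Constructed toy name-server database: each server either answers for a name it is
# the authority for, or refers the client to the server for a delegated sub-zone.
SERVERS = {
    "192.0.2.1": {"referrals": {"edu.": "192.0.2.2"}, "answers": {}},        # root
    "192.0.2.2": {"referrals": {"fhda.edu.": "192.0.2.3"}, "answers": {}},   # edu.
    "192.0.2.3": {"referrals": {},                                             # fhda.edu.
                  "answers": {"challenger.atc.fhda.edu.": ("192.0.2.50", 3600)}},
}
ROOT = "192.0.2.1"


def ask(server_ip, qname):
    """One iterative query. The server answers if it is the authority; otherwise it
    returns the address of the server it thinks can resolve the name (a referral)."""
    srv = SERVERS[server_ip]
    if qname in srv["answers"]:
        ip, ttl = srv["answers"][qname]
        return ("answer", ip, ttl)
    # longest matching delegated zone wins
    for zone, ns_ip in sorted(srv["referrals"].items(), key=lambda kv: -len(kv[0])):
        if qname == zone or qname.endswith("." + zone):
            return ("referral", ns_ip)
    return ("nxdomain",)


class TtlCache:
    """name -> (ip, expiry); an entry past its TTL is treated as absent and dropped."""
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested without sleeping
        self.entries = {}

    def get(self, name):
        hit = self.entries.get(name)
        if hit is not None and hit[1] > self.clock():
            return hit[0]
        self.entries.pop(name, None)
        return None

    def put(self, name, ip, ttl):
        self.entries[name] = (ip, self.clock() + ttl)


def resolve_iterative(qname, cache, max_hops=16):
    """Return (ip or None, list of servers contacted). A cache hit contacts nobody."""
    ip = cache.get(qname)
    if ip is not None:
        return ip, []
    server, trail = ROOT, []
    for _ in range(max_hops):       # bound the referral chain
        trail.append(server)
        reply = ask(server, qname)
        if reply[0] == "answer":
            cache.put(qname, reply[1], reply[2])
            return reply[1], trail
        if reply[0] == "referral":
            server = reply[1]
            continue
        return None, trail
    raise RuntimeError("too many referrals for " + qname)


def expand_pqdn(name, suffixes):
    """A name with a trailing dot is already an FQDN. Otherwise append each suffix in
    list order; the empty string plays the role of the null suffix."""
    if name.endswith("."):
        return [name]
    return [name + "." + s + "." if s else name + "." for s in suffixes]


def resolve(name, suffixes, cache):
    """Resolve a possibly partial name: the first candidate that gets an answer wins."""
    for fqdn in expand_pqdn(name, suffixes):
        ip, trail = resolve_iterative(fqdn, cache)
        if ip is not None:
            return fqdn, ip, trail
    return None, None, []
```

Running resolve("challenger", ["atc.fhda.edu", "fhda.edu", ""], TtlCache()) walks root, edu. and fhda.edu. for the first candidate; a second lookup of the same FQDN is served from the cache until 3600 seconds have passed, after which the full walk is repeated.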
16.6 DNS Messages
DNS has two types of messages: query and response.
DNS Messages (cont’d)
Header format
Both query and response messages have the same 12-byte header format; in a query message some fields are set to zero.
Identification: 16-bit field chosen by the client and copied into the response, used by the client to match the response with the query. Because the field is only 16 bits, the client should choose it unpredictably (and randomize its UDP source port) so that a forged response cannot easily match an outstanding query.
DNS Messages (cont’d)
Header format (cont’d)
Flags field
QR (query/response): 0 for a query, 1 for a response.
OpCode: defines the type of query or response. Standard: 0, inverse: 1, server status request: 2.
AA (authoritative answer): if set to 1, the answering name server is an authority for the name.
TC (truncated): if set, the response was longer than 512 bytes and was truncated to 512 bytes. Used when DNS runs over UDP; the client should repeat the query over TCP to get the complete answer.
RD (recursion desired): the client wants a recursive answer.
RA (recursion available): the server can provide recursion. Used in response messages.
Reserved: 3 bits, set to zero.
rCode: 4-bit field giving the error status of the response.
DNS Messages (cont’d)
Values of rCode
Value  Meaning
0      No error
1      Format error
2      Problem at name server (server failure)
3      Domain reference problem (the name does not exist)
4      Query type not supported
5      Administratively prohibited (query refused)
6-15   Reserved
DNS Messages (cont’d)
Number of question records: 16-bit field giving the number of queries in the question section of the message.
Number of answer records: 16-bit field giving the number of answer records in the answer section of a response message.
Number of authoritative records: 16-bit field giving the number of authoritative records in the authoritative section of a response message.
Number of additional records: 16-bit field giving the number of additional records in the additional section of a response message.
16.7 Types of Records
Question Record
Used by the client to get information from a server. It contains the query name (a domain name), the query type, and the query class.
Question record format (figure)
Query name format: a sequence of labels, each preceded by a one-byte length count, ending with a zero-length label (figure)
Types of Records (cont’d)
Query type: 16-bit field defining the type of information requested (Table 16.4 lists the values, for example A, NS and PTR).
Query class: 16-bit field defining the specific protocol using DNS (Table 16.5); for the Internet this is class IN.
Types of Records (cont’d)
Resource Record
Each domain name (each node in the tree) is associated with a record called a resource record.
The server database consists of resource records, which the server returns to the client in the answer, authoritative and additional sections of a response.
Fields of a resource record:
Domain name: the name the record belongs to
Domain type: same as the query type field in the question section
Domain class: same as the query class field
Time to live: the number of seconds the client may keep (cache) the answer
Record data length: the length of the resource data field in bytes
Types of Records (cont’d)
Resource data
Contains the answer to the query (in the answer section), the domain name of the authoritative server (in the authoritative section), or additional information (in the additional information section).
A number: written in octets. An IPv4 address is a four-octet integer and an IPv6 address is a 16-octet integer.
A domain name: expressed as a sequence of labels, each preceded by its length.
16.8 Compression
DNS requires that a domain name (or a suffix of one) that is repeated in a message be replaced by an offset pointer: two bytes whose first two bits are 11 and whose remaining 14 bits give the offset of the earlier copy from the start of the message.
Format of an offset pointer (figure)
A parser must reject pointers that point forward or at themselves; otherwise a crafted message can send it into an endless loop.
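The header, flag word, rCode, question record, resource record and compression pointer described in the DNS Messages, Types of Records and Compression sections, as one added example (not code from the slides or from the textbook they follow). It builds a standard A query, builds the authoritative response to it with the answer's owner name compressed into the pointer 0xC00C (offset 12, the question name), parses both, and rejects a message whose pointer points at itself. The transaction ID 0x1234, the 192.0.2.10 address (a documentation range) and the TTL are constructed for the example; the authority and additional sections are counted but not decoded.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "PTR": 12, "AAAA": 28}   # a few values from the query-type table
QCLASS_IN = 1
HEADER_LEN = 12


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in the null label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:                  # the 63-character label limit
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode the name at msg[off:], following compression pointers (top two bits 11,
    low 14 bits = offset from message start). Returns (fqdn, offset just past the name).
    A pointer must point backwards; that single rule makes pointer loops impossible."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward or self-referencing compression pointer")
            if end is None:                            # the first pointer fixes where the name ends
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        if off + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def build_header(txid, qr, opcode, aa, tc, rd, ra, rcode, counts):
    """12-byte header: ID, flag word QR|OpCode|AA|TC|RD|RA|Z|rCode, then the four counts."""
    flags = (qr << 15) | (opcode << 11) | (aa << 10) | (tc << 9) | (rd << 8) | (ra << 7) | (rcode & 0xF)
    return struct.pack("!HHHHHH", txid, flags, *counts)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:HEADER_LEN])
    return {"id": txid, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def build_query(txid, name, qtype=QTYPE["A"], rd=1):
    """Standard query (OpCode 0) carrying one question record."""
    return (build_header(txid, 0, 0, 0, 0, rd, 0, 0, (1, 0, 0, 0))
            + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN))


def build_a_response(query, ipv4, ttl=300):
    """Authoritative answer to an A query: echo the question, then one A resource record
    whose owner name is the 2-byte pointer 0xC00C (offset 12 = the question name)."""
    hdr = parse_header(query)
    _, qend = decode_name(query, HEADER_LEN)
    question = query[HEADER_LEN:qend + 4]              # name + qtype + qclass
    rdata = bytes(int(o) for o in ipv4.split("."))     # IPv4 address: four octets
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE["A"], QCLASS_IN, ttl, len(rdata)) + rdata
    return build_header(hdr["id"], 1, 0, 1, 0, hdr["rd"], 1, 0, (1, 1, 0, 0)) + question + rr


def parse_message(msg):
    """Return (header, questions, answers); answers are (name, type, class, ttl, rdata),
    with A rdata rendered in dotted decimal."""
    hdr = parse_header(msg)
    off = HEADER_LEN
    questions, answers = [], []
    for _ in range(hdr["qdcount"]):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(hdr["ancount"]):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("RDATA runs past end of message")
        off += rdlen
        if rtype == QTYPE["A"] and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return hdr, questions, answers


def is_well_formed(msg):
    """True if the message parses; bad pointers, truncation or bad lengths give False."""
    try:
        parse_message(msg)
        return True
    except (ValueError, struct.error, IndexError):
        return False
```

The 25-byte encoding of challenger.atc.fhda.edu. in the question shrinks to a 2-byte pointer in the answer, so the response is only 16 bytes longer than the query (10 bytes of fixed RR fields, 4 bytes of address, 2 bytes of pointer).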
16.10 DDNS
The DNS master file must be updated dynamically for changes such as adding a new host, removing a host, or changing an IP address.
In DDNS, when a binding between a name and an address is determined, the information is sent, usually by DHCP, to the primary DNS server, which updates the zone; the secondary servers then pick up the change.
Dynamic updates must be authenticated and limited to authorized hosts; otherwise any client on the network can overwrite records in the zone.